Use sudo instead of pkexec for CLI #56

@detjensrobert detjensrobert commented Aug 30, 2020

This allows for "headless" use in scripts in conjunction with a NOPASSWD entry in the sudoers file.

Currently, this always uses sudo if called from the CLI, but if you would like sudo usage specified as e.g. a --sudo flag, I can do that as well.

I am using this with a systemd user service to start NoiseTorch on login--works great!

@lawl
Contributor

lawl commented Aug 30, 2020

Hey, thanks for the PR, unfortunately I'm a bit hesitant to merge this for two reasons.

  • Is it not possible to configure policy-kit to allow pkexec without a password prompt? A quick web search says it should, but I haven't tried it.
  • pkexec was kind of a hack to begin with. Ideally I think we should transition to using the CAP_SYS_RESOURCE capability.

@detjensrobert
Author

detjensrobert commented Aug 30, 2020

> Is it not possible to configure policy-kit to allow pkexec without a password prompt? A quick web search says it should, but I haven't tried it.

The default pkexec call from NoiseTorch falls under the generic org.freedesktop.policykit.exec scope, which I am hesitant to allow without a password.

After some digging, I see you can create a custom scope, which I've created and is working. I've included it below, but not sure how useful it will be since it has to go under /usr/share/polkit-1/actions/:

/usr/share/polkit-1/actions/org.noisetorch.pulselimit.policy:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd">
<policyconfig>

  <action id="org.noisetorch.pulselimit.policy">
    <message>Authentication is required to load NoiseTorch</message>
    <icon_name>audio-input-microphone</icon_name>
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/home/REPLACEMEWITHUSERNAME/.local/bin/noisetorch</annotate>
  </action>

</policyconfig>

This might still be useful for people using the CLI who don't want to be brought out of the terminal by pkexec.
But, my problem has been solved by the above so feel free to close if you don't feel this is needed.
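
An added check, not part of the original thread or NoiseTorch's code: pkexec runs the annotated program as root, so a policy that answers `yes` for a binary under a home directory lets anything running as that user replace the file and gain root. The sketch below flags those conditions in a polkit action file; the writable prefixes and the tighter variant's install path are assumptions.

```python
import xml.etree.ElementTree as ET

EXEC_PATH_KEY = "org.freedesktop.policykit.exec.path"
# Assumption for this example: locations an unprivileged user can write to.
USER_WRITABLE_PREFIXES = ("/home/", "/tmp/", "/var/tmp/")

def policy(any_, inactive, active, path):
    """Build a constructed policy document shaped like the one in the thread."""
    return f"""<policyconfig>
  <action id="org.noisetorch.pulselimit.policy">
    <defaults>
      <allow_any>{any_}</allow_any>
      <allow_inactive>{inactive}</allow_inactive>
      <allow_active>{active}</allow_active>
    </defaults>
    <annotate key="{EXEC_PATH_KEY}">{path}</annotate>
  </action>
</policyconfig>"""

# Values taken from the policy posted in the thread.
AS_POSTED = policy("yes", "yes", "yes",
                   "/home/REPLACEMEWITHUSERNAME/.local/bin/noisetorch")
# Constructed tighter variant; /usr/local/bin/noisetorch is a hypothetical root-owned path.
TIGHTER = policy("auth_admin", "auth_admin", "yes", "/usr/local/bin/noisetorch")

def audit_policy(xml_text):
    """Return sorted (action_id, finding) pairs for risky pkexec actions."""
    findings = set()
    for action in ET.fromstring(xml_text).iter("action"):
        paths = [(a.text or "").strip() for a in action.findall("annotate")
                 if a.get("key") == EXEC_PATH_KEY]
        if not paths:
            continue  # not a pkexec action
        grants = {el.tag: (el.text or "").strip()
                  for el in action.findall("defaults/*")}
        action_id = action.get("id", "")
        # allow_any covers every client; allow_inactive covers inactive local sessions.
        for scope in ("allow_any", "allow_inactive"):
            if grants.get(scope) == "yes":
                findings.add((action_id, f"{scope}=yes"))
        # Passwordless root execution of a file the caller can replace.
        if "yes" in grants.values() and paths[0].startswith(USER_WRITABLE_PREFIXES):
            findings.add((action_id, "user-writable exec.path"))
    return sorted(findings)

if __name__ == "__main__":
    for name, doc in (("as posted", AS_POSTED), ("tighter", TIGHTER)):
        print(name, audit_policy(doc))
```
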

@lawl
Contributor

lawl commented Aug 30, 2020

If it's okay with you I'd like to add your polkit config to the wiki and then rather go for the imo "proper" solution of using capabilities instead of using either pkexec or sudo later.

@detjensrobert
Author

Go for it!

@lawl
Contributor

lawl commented Aug 30, 2020

Awesome. Thanks. Created a wiki page: https://github.com/lawl/NoiseTorch/wiki/I-don't-want-to-enter-my-password-everytime

@lawl lawl closed this Aug 30, 2020
@detjensrobert detjensrobert deleted the detjensrobert/cli-sudo branch August 30, 2020 01:18
@detjensrobert
Author

Would you like me to also create a wiki page for the systemd unit I created?

@lawl
Contributor

lawl commented Aug 30, 2020

Go ahead. There's just one thing I'd request. Please mention that this is not recommended because it causes CPU usage even when the microphone is not being used. See this upstream issue which in turn has filed an issue upstream in pulseaudio. Which is in fact part of the reason why I wrote NoiseTorch to easily load and unload it on demand.

@detjensrobert
Author

I don't have permission to edit the wiki here, so I've created the new page on my fork. Feel free to add this to here!

https://github.com/detjensrobert/NoiseTorch/wiki/Start-automatically-with-Systemd

@lawl
Contributor

lawl commented Aug 30, 2020

Thanks, added!

@jkhsjdhjs

@lawl Regarding the CPU usage note, I checked if this is also the case for PipeWire and it seems that PipeWire is clever enough to not run the NoiseTorch filtering when the source isn't used, thus not causing any CPU usage. Maybe you can extend the note by adding that it doesn't apply for PipeWire or that the note is only relevant for PulseAudio users.

@lawl
Contributor

lawl commented Feb 14, 2022

@jkhsjdhjs done
